MDKSA-2003:077

Problem description

Several vulnerabilities were discovered in all versions of phpgroupware
prior to 0.9.14.006. This latest version fixes an exploitable
condition in all versions that can be exploited remotely without
authentication and can lead to arbitrary code execution on the web
server. This vulnerability is being actively exploited.
Version 0.9.14.005 fixed several other vulnerabilities including
cross-site scripting issues that can be exploited to obtain
sensitive information such as authentication cookies.
This update provides the latest stable version of phpgroupware and all
users are encouraged to update immediately. In addition, you should
also secure your installation by including the following in your Apache
configuration files:
Order allow,deny
Deny from all